The Hacker News — Cyber Security, Hacking, Technology News

Phishing — is an older style of cyber-attack but remains one of the most common and efficient attack vectors for attackers, as a majority of banking malware and various ransomware attacks begin with a user clicking on a malicious link or opening a dangerous attachment in an email.

Phishing has evolved than ever before in the past few years – which is why it remains one of those threats that we have been combating for many years.

We have seen phishing campaigns that are so convincing and effective that even tech-savvy people can be tricked into giving away their credentials to hackers. And some that are "almost impossible to detect" and used to trick even the most careful users on the Internet.

To help combat this issue, Google has introduced a security defence for it's over a billion users that will help users weed out phishing emails from their Gmail inbox.

Google has rolled out new anti-phishing security checks for its Gmail app for iPhone users that will display a warning about potential phishing attempts when users click on a suspicious link from within the app on their iPhone or iPad.

This new feature will take nearly two weeks before it is available everywhere.

According to the tech giant, when a user clicks on a link that Google thinks could be suspicious, they will be displayed a pop-up, warning of an untrusted nature of the website they are attempting to visit.

Suspicious link
This link leads you to an untrusted site. Are you sure you want to proceed to example.com?

If the user ignores this first warning and continue, the Gmail app will display another warning with more detailed information about the suspected malicious website that the company finds it to be a malicious phishing page.

Warning – phishing (web forgery) suspected

The site you are trying to visit has been identified as a forgery, intended to trick you into disclosing financial, personal or other sensitive information.

You can continue to example.com at your own risk.

A similar feature has already been made available in the Gmail app for Android since May of this year.

Although the feature would surely not detect every phishing attempt that could compromise your credentials, we believe it will help users combat such attacks to much extent.

So, always exercise caution over what links you click mentioned in your emails or attachments you open.

Additionally, Gmail users need to enable two-factor authentication, so even if attackers have access to your credential, they will not be able to proceed further without your phone or the USB cryptographic key in order to access your account.

Some things online can never change like -- Terrible Passwords by Humans.

When it's about various security measures to be taken in order to protect your Internet security, like installing a good anti-virus or running Linux on your system doesn’t mean that your work gets over here, and you are safe enough from online threats.

However, even after countless warnings, most people are continuously using deadly-simple passwords, like '123456' or 'password,' to safeguard their most sensitive data.

Evidence suggests that weak passwords are as popular now as they ever were, and the top 25 passwords of 2015 are very easy to guess.

Password management firm SplashData on Tuesday released its annual "Worst Passwords List". The 2015 list almost resembled the 2014 list of the worst password, but there are some interesting new entries, including the Star Wars-inspired 'solo,' and 'starwars.'

Sport remains popular among online users as 'football' and 'baseball' are both on the top 10 list of worst passwords.

Top 25 Worst Passwords of 2015

SplashData analyzed over 2 Million leaked passwords in 2015, and the results are as follow:

123456

password

12345678

qwerty

12345

123456789

football

1234

1234567

baseball

welcome

1234567890

abc123

111111

1qaz2wsx

dragon

master

monkey

letmein

login

princess

qwertyuiop

solo

passw0rd

starwars

"The longer passwords are so simple as to make their extra length virtually worthless as a security measure," says SplashData

The importance of online security around personal data has increased due to the rise in data breaches and cyber attacks over recent years.

Last year was the year of data breaches. According to an estimate, around 480 Million personal data records were leaked online, which included high-profile breaches at the United States Office of Personnel Management (OPM) and the extramarital affair site Ashley Madison.

So remember: "God helps those who help themselves," likewise nobody can secure you online unless and until you are not willing to.

How to Create a Strong Password

Always create different passwords for different sites. So that if one site is breached, your other online accounts on other sites are secure from being hacked.

These are some useful tips that will help you make password strength secure and easier to remember:

Use a combination of lowercase, uppercase, numbers, and special characters of 8 characters long or more like s9%w^8@t$i.

Use short passphrases with special characters separating to make it difficult for crackers and could be easily remembered like cry%like@me (cry like me).

Avoid using the same combination of passwords for different websites.

If it is difficult for you to remember different passwords for different websites, then use best Password Manager applications like RoboForm, 1Password, LastPass.

Does a Strong Password Guarantee you the Security of your Online Account? If yes, then you should once check out our 'Data breaches' section on the website.

A Startup Company, SlickLogin has developed a technology that enables you to login into online accounts using Ultrasonic sound, instead of entering username and password on your.

The company claims its technology offers "military-grade security" that replaces passwords in the two-step process simply by placing your Phone next to their laptop or tablet.

When you sign-in via SlickLogin enabled website, the computer will play a sound which is encrypted into Ultrasonic Sound, inaudible to the human ear, but your Smartphone can hear it.

The Smartphone Sends data back to the SlickLogin Servers for authentication and grants immediate access. Each sound is different, unique and cannot be reused to hack an account.

Recently, Google has acquired this two month old Israeli Startup, "Today we're announcing that the SlickLogin team is joining Google, a company that shares our core beliefs that logging in should be easy instead of frustrating, and authentication should be effective without getting in the way." SlickLogin website said.

SlickLogin also uses WiFi, Bluetooth, NFC, QR codes and GPS to prevent your account from hackers on the other side of the world.

SlickLogin Technology gives you a way to set an unforgettable password, but at the same time physical access to the Smartphone may pose critical threat to your online accounts and Smartphones with Low battery Backup may trouble you most of the times.